PRIVACY & PERSONAL DATA PROTECTION POLICY

Last updated: 19 September 2025

CONTENTS

PRIVACY & PERSONAL DATA PROTECTION POLICY

  1. Privacy Policy Content
  1. What kind of personal data do we collect

2.3.1 Information collected automatically during your visit and interaction with our website/application

2.3.2 Information you provide to us directly

2.3.3. Hosting and backups

2.3.4. Minors

  1. User Liability and Third Party Content
  1. How we use the personal data we collect

4.1. Purposes of processing

4.2. Profiling

4.3. Payments and Security

  1. Legal bases for processing
  1. Processing of personal data – Recipients
  1. Transfer of personal data to third parties
  1. Data Retention Time
  1. Technical and organizational security measures
  1. Right to withdraw consent
  1. Rights of data subjects
  1. Right to file a complaint
  1. Changes to this policy

Communication

  1. Privacy Policy Content

1.1. The application “Wake App” (hereinafter “the application”) and the website managed by the company ASPENET LTD (hereinafter “the company”), which is the Controller of your personal data that we collect from you during your visit and during the use of the services of our application and website, namely all information that identifies you or can identify you directly or indirectly, in accordance with the General Data Protection Regulation 2016/679 of the European Union (General Data Protection Regulation) Data Protection Regulation , hereinafter referred to as “GDPR”).

1.2. The protection of individuals against the processing of personal data is of utmost importance to the company. Therefore, the collection and processing of personal data by the company is carried out only in accordance with the General Regulation and generally applicable legislation and where required. We take the protection of your privacy and personal data very seriously and have taken all necessary measures to safeguard the security and confidentiality of information concerning visitors/users of our application/website services.

1.3. This Privacy Policy explains:

  1. how we collect, use and share your data. It also describes how long we keep your information and how we keep it secure when we share it,
  2. your rights regarding the protection of your data.

Please read this Privacy and Personal Data Protection Policy of our application/website carefully, in order to be informed about the data information collected from you when you visit it and when you make use of its online services, their use as well as your rights.

1.4. This Policy serves to inform data subjects in accordance with Articles 13-14 of the EU General Data Protection Regulation 679/2016. If you have any questions about this Policy and in general about the way our company collects and processes your personal data, please contact our company at the email address info@mywakeapp.com

1.5. This Privacy Policy applies only to our website and application. Users should note that our website may contain links to other websites, however, the company is not responsible for the practices, terms of use, privacy policy or content of such websites.

  1. What kind of personal data do we collect

2.1. The application «Wake App» is an application through which the user registers for free with his/her email address, specifying a username, password and date of birth. Within the application, the user can a) post photos and videos for sale at a price and in copies that he/she has the power to determine, b) proceed within the application environment to purchase photos or videos that have been posted by other users. The sale price is attributed to the user – seller, having deducted the commission set by the application.

2.2. The purpose of the application is to post photos and videos of all kinds (e.g. material from restaurants, concerts, events, landscapes, lifestyle , etc.) and to provide the user with the opportunity to purchase the material, so that he can use it as he wishes and post it himself on his own social networking networks. The application has software to identify inappropriate content such as nudity or inappropriate language, the posting of which is expressly prohibited. Any material posted for sale is only available for twenty-four (24) hours and is then deleted from the application.

2.3. The use of the above services of our application/website requires the creation of an account for the user of our application/website, by entering specific personal information (e – mail , user name and password, date of birth). In the case of simple browsing on our website, the company does not collect and does not process browsing information that may identify you directly or indirectly, beyond what may be collected automatically from your browsing on our website. Specifically:

2.3.1 Information collected automatically during your visit and interaction with our website/application

Simply browsing our application and website, provided that no registration and use of its online services are made, does not require the visitor to provide/enter personal data. However, by simply visiting and browsing it, certain information may be automatically collected that can identify you directly or indirectly, such as:

  1. your computer’s Internet Protocol (IP) address,
  2. browser type and operating system
  3. the websites you visited immediately before and after your visit to the page,
  4. the connection speed and information about the software programs installed on your computer or mobile phone,
  5. server connection information and
  6. basic information collected via HTML cookies , Flash cookies , web beacons and other similar technologies (see below in the Cookies section ).

2.3.2 Information you provide to us directly

This policy lists the types of personal data we collect, including data to which you provide us with your consent. The user who wishes to register and create a personal profile on our application/website (hereinafter referred to as “user”) is invited to create an account by entering, with his consent, the following personally identifiable information:

  1. Full name / Username
  2. Profile photo (if applicable).
  3. Email address (e- mail )
  4. Password​
  5. Date of birth
  6. Preferred language of communication

Furthermore, by creating profiles and using our application, we automatically collect and process the following data and information:

  1. Usage Data: Information about how you use the app (e.g., views, purchases, “likes”).
  2. Uploaded content: Video and metadata (title, description, upload date, etc.).
  3. Uploaded content: Video and metadata (title, description, upload date, etc.).
  4. Transaction Data: Purchase history (without storing card details).

To create an account, the user is asked to accept this policy.

2.3.3. Hosting and backups

Our application infrastructure and data are hosted on secure virtual private servers (VPS) provided by Hetzner Online GmbH , which is located in the European Union. Hetzner is fully GDPR compliant and implements data protection measures that are compatible with industry standards, such as:

    1. Physical data center security (access control, surveillance, fire protection)
    2. Redundant network infrastructure
    3. Data encryption in transit (via HTTPS/SSL)
    4. Isolation between virtual servers

Additional security measures are being taken such as:

    1. Regular updates and server updates
    2. Strict access controls (SSH key connection, firewall rules)
    3. Frequent backups stored securely
    4. Rate limiting, intrusion detection and anti – DDoS mechanisms

Access to user data on servers is strictly limited to authorized personnel only and only when necessary for the operation of the service or support.

2.3.4. Minors

When collecting information directly from you, we take appropriate care to determine which of the personal information collected relates to minors. In any case, if we determine that we have collected any personal information from a minor under 16 years of age without verifiable parental consent, (as provided for in Article 8 of the EU General Data Protection Regulation 679/2016), we will delete the information from our database as soon as possible. If you believe that we may have collected information from a minor under 16 years of age, please contact us at e – mail info@mywakeapp.com

  1. User Liability and Third Party Content

3.1. The user bears full and exclusive responsibility for any content (photo, video, audio, text or other file) that he uploads, stores or makes available for sale through the application. The application provider bears no responsibility for this content, nor does it guarantee its legality, accuracy or quality.

3.2. Users declare and guarantee that they have all necessary rights (e.g. intellectual, related, image/personality rights) to publish and/or commercially distribute the respective content and that they do not violate the rights of third parties.

3.3. In the event of posting or making illegal content available (e.g. without the permission of the creator, without the consent of the persons depicted, violation of intellectual property rights, etc.), the user who posted it is solely responsible.

3.4. The application is not responsible for any violation of third party rights due to the posting or distribution of content by users. The responsibility lies exclusively with the user who posted it. The application reserves the right to remove or disable content that has illegal, offensive or violating these terms, upon relevant notice and/or at its discretion.

3.5. By posting and/or offering for sale any content (including but not limited to: photos, videos, audio, multimedia) through the application, the user declares and guarantees that:

  a) He is the exclusive creator and/or legal owner of all intellectual property rights and other rights in said content, or has received valid permission from the rights holders for the publication and commercial distribution thereof.

b ) By selling the content to a third party through the application, it provides the buyer with a non-exclusive, perpetual, worldwide, and royalty-free license to use , which includes the ability to reproduce, distribute, publish and republish, publicly display or perform, modify or adapt the content (where applicable), and use for commercial purposes (e.g. advertising, promotion, social networks, works of art, productions, etc.).

3.6. The user waives any claim or demand regarding the subsequent use of the content by the buyer, in accordance with the above concession.

3.7. The application provider does not acquire ownership rights over the content, unless expressly agreed otherwise. Its role is limited to facilitating the buying, selling and exchanging of content between users.

  1. How we use the personal data we collect

4.1. Purposes of processing

The processing of personal data of users of our online services is carried out for the following purposes:

  1. To provide basic app functionality (uploading, buying and selling videos).
  2. To manage user accounts and provide support.
  3. To analyze application usage and improve user experience.
  4. For statistical purposes, analyzing the information we collect to help improve our user profile, monitor and analyze website usage, enhance its functionality, and better shape its content and design.
  5. To prevent abuse and enforce our Terms of Service.
  6. In compliance with our legal obligations and to fulfill our legitimate interests, we may use and disclose the information we collect for the purpose of preventing illegal activities, enforcing compliance with the terms of use of our application/website and otherwise protecting our rights and the rights of our users.

4.2. Profiling

Profiling means the automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects of a natural person, based on which decisions can be taken that produce legal effects for the natural person. We profile users /athletes and users/professionals who use our online services to provide basic functions of the application (uploading, buying and selling videos).

We take all necessary measures to protect the rights and legitimate interests of our users in the context of profiling , on the one hand by providing an automated right of objection to users who receive personalized automated information material of sports content, and on the other hand by taking all necessary measures to exercise the right of objection.

4.3. Payments and Security

Payments are processed through trusted third-party providers (e.g., Stripe , PayPal ). We do not store or have access to your credit/debit card details. Our payment providers are PCI-DSS compliant and ensure high-level security.

  1. Legal bases for processing

The processing of your personal data is necessary for the fulfillment of the aforementioned purposes. Unless otherwise specified when collecting the personal data, the legal basis for processing it is one of the following:

  1. your explicit consent has been given for the processing of personal data (Article 6 par. 1 point a of the GDPR).
  2. the processing is necessary for the performance of the contractual relationship with you (Article 6 para. 1 lit. b of the GDPR),
  3. the processing is necessary for compliance with a legal obligation of the company (Article 6 par. 1 point c of the GDPR)
  4. the processing is necessary for the purposes of the legitimate interests pursued by the company (Article 6 par. 1 point f of the GDPR),
  1. Processing of personal data – Recipients

6.1. We respect your privacy and only share your information under certain circumstances. We make information about you available to other companies, applications or individuals in the circumstances listed below:

  1. Provided you provide your explicit consent.
  2. We may transfer your personal data to other companies or third parties, but only if and to the extent that such transfer is strictly necessary for the purposes mentioned above.
  3. We may transfer your personal data to judicial, administrative, tax, customs, arbitration authorities or other public authorities, regulatory bodies and lawyers, if this is necessary for compliance with the law or for the establishment, exercise or defense of legal claims.
  4. We may use third parties to provide services related to our website and/or database management, to provide maintenance services, to carry out online marketing activities. These third parties will have access to your information only to perform the above tasks on our behalf. In these cases, we ensure through contractual terms and regular checks that, if and when they have access to personal data, the legislation for its protection is adequately complied with.
  5. We may share information about you in the event that our website is acquired or merged with another company or a similar business transaction occurs. However, our website will notify you by prominently posting a notice or sending a notice to the primary email address specified in your account before your information is transferred and becomes subject to a different privacy policy.
  6. We may share information about you to investigate, prevent or take action regarding illegal activities, if there are suspicions of fraud, if circumstances arise that involve potential threats to the physical integrity or other rights and interests of any person, or if required by law as well as in other cases in which we believe in good faith that sharing the information is necessary.
  7. We may share information about you to respond to subpoenas, search warrants, court proceedings, court orders, legal processes or other law enforcement measures from any competent authority, including the Personal Data Protection Authority and the Data Protection Supervisory Authorities of other European Union member states, as well as to establish and defend our legal rights or to defend claims against us.
  8. In addition to the above cases, we may use the information we collect for any other purposes that will be disclosed to you at the time the information is collected and with your consent, if required.

6.2. The recipients of personal data may be established outside the European Economic Area. In such cases, the Company takes measures to implement adequate and appropriate safeguards for the protection of personal data by other means, notably by using the EU standard binding clauses.

  1. Transfer of personal data to third parties

7.1. The company may transfer the personal data of the subjects only to third-party service providers who perform tasks on behalf of the Company, in relation to the purposes described in this Policy, to the extent that this is necessary for the implementation of the purpose of the processing and the provision of its online services. In this case, the Company takes all necessary measures so that the above service providers are specifically authorized for this purpose and are fully bound by the confidentiality and obligations provided for in the legislation regarding the collection and processing of personal data.

7.2. Furthermore, your data may be transferred to public authorities as well as other third parties when required by applicable law, in accordance with the aforementioned provisions of this Policy.

  1. Data Retention Time

The Company will retain your personal data for as long as necessary to fulfill the processing purposes described in this policy, unless applicable law requires or permits a longer period and for as long as retention thereof is necessary to comply with our legal obligation or to defend our legitimate interests before the Courts.

  1. Technical and organizational security measures

9.1. The Company effectively implements, both at the time of determining the means of processing and at the time of processing, appropriate technical and organizational measures to secure your personal data against accidental or unintentional destruction, loss, unauthorized modification, disclosure or access and against any other unlawful processing of the personal data it manages, which it also checks at regular intervals. Specifically, measures are adopted, designed to implement data protection principles, such as data minimization, and the integration of the necessary guarantees in this processing in a way that meets the requirements of applicable legislation and protects the rights of natural persons.

9.2. We invest heavily in training our staff and infrastructure to ensure that best practices are followed in everything we do. Prevention is best when it comes to security, and as a first step, we implement internal review processes as well as quality assurance procedures specifically designed to prevent potential security risks in our services. Every employee and contractor goes through background checks and an onboarding process, which includes a probationary period where access to customer data is only granted when working under the supervision of another staff member.

9.3. All personnel have access only to systems that are directly required to complete their duties. We use two-factor authentication for all critical systems and communication services. We automatically record all personnel activity using internal logging tools.

9.4. We take security measures, such as:

  • Physical data center security (access control, surveillance, fire protection)
  • Redundant network infrastructure
  • Data encryption in transit (via HTTPS/SSL)
  • Isolation between virtual servers
  • Regular updates and server updates
  • Strict access controls (SSH key connection, firewall rules)
  • Frequent backups stored securely
  • Rate limiting, intrusion detection and anti – DDoS mechanisms

9.5. Access to user data on our servers is strictly limited to authorized personnel only and only when necessary for the operation of the service or support.

9.6. However, despite every effort to store users’ personal data in a secure operating environment, which is not open to the public, the user must immediately inform the company in case their contact details are lost, stolen or used without their permission. In such a case, we will remove your contact details from your account and update our records accordingly.

9.7. When a visitor/user sends information to our website by completing the relevant online forms or sending an e – mail , to service a request from our company, the information must be provided correctly and accurately. The information provided – completed by the visitor/user to service his request is considered confidential and is transmitted only to the directly interested party and to the competent authority or authorities according to the law, in the event that the use by the visitor is contrary to the rules of use of our application/website and in general the applicable Greek legislation. The latter may be considered appropriate in particular when the use of our website by a visitor/user violates its operating rules. In this case, all information of the visitor/user as well as his IP address may be part of any investigation, if this is required to protect the rights of our company. In case of sending data to our application/website, it must not be contrary to Greek legislation and good morals for the use of the internet in general, and must not be altered by the visitor/user who publishes it or with his knowledge by others. This data can be used by our company without any claim from the visitor/user who provides it.

9.8. Each visitor/user is responsible for the use of our application/website and may use its services only for lawful and legitimate purposes and specifically only for purposes related to the field of sports. The visitor/user is not allowed to use the application/website in a way that could destroy, disable or harm our servers or networks, or in ways that interfere with the use and exploitation of our services by any other visitor/user.

9.9. It is also prohibited for the visitor/user to create fake accounts with fraudulent intent, to collect or store personal data of other users in any way. The company reserves the right to seek compensation for any damage suffered by the visitor/user from the violation of the above prohibitions and to take any relevant legal action, procedure and take legal corrective extrajudicial or judicial measures with the aim of preventing a violation of these terms.

9.10. The company reserves the right to take, by way of example and not limitation, any of the following actions:

a) record and store all communication between the visitor/user and the application/website, including e- mail communications and questions and answers to other users/athletes and users/professionals,

b) to investigate any complaint in the event that any communication does not comply with the terms and conditions of use thereof and to decide at its discretion to withdraw or require the withdrawal of such communication,

c) to withdraw communications and data and information sent by the visitor user, which are considered offensive, illegal or annoying or which do not comply with the terms and conditions of use of the application/website

d) to delete registered members when they do not comply with the terms and conditions of use of the application/website after giving them relevant notice.

  1. 10.Right to withdraw consent

By using our application/website and without prejudice to the provisions of specific legislation, such as the legislation on the protection of personal data in the context of electronic communications, as applicable, you provide your explicit consent for all the above cases of processing of your personal data. In case you have given your consent for the processing of specific personal data by the Company, you have the right to withdraw your consent at any time, with future effect. The withdrawal of consent does not affect the lawfulness of the processing that was based on the consent before it was withdrawn. In case of withdrawal of consent, the Company may further process the personal data, only in cases where there is another legal reason for the processing. Regarding the information collected automatically from your browsing of our website, please refrain from visiting it if you do not wish for this information to be collected and processed.

  1. 11.Rights of data subjects

11.1. Visitors/users generally have all the rights provided for in Chapter III of the GDPR, specifically:

  1. Right of access: you have the right to know whether we are processing your data and, if so, to receive a copy of it. The data subject has the right to access the data concerning him or her by submitting a relevant request.
  2. Right to portability : you have the right to receive the above data concerning you, in a structured, commonly used and machine-readable format .
  3. Right to rectification: you have the right to request the correction of your data if it is inaccurate.
  4. Right to restriction: you have the right to ask us to restrict processing, such as not deleting data that you consider necessary for the establishment, exercise or defense of legal claims.
  5. Right to object: you have the right to object to the processing of your data.
  6. Right to erasure: you have the right to request that we delete your data, unless retention is required by law. You can delete your personal data by going to your profile and selecting “Delete account”.

11.2. You can exercise your rights by sending an e – mail to the address info@mywakeapp.com. We also point out that exercising the right to object or delete does not imply the immediate deletion of data or the modification of the processing. In any case, we will respond to you in detail as soon as possible, within the deadlines set by the GDPR.

11.3. Specifically regarding the right to access and delete personal data, the following procedure is followed: The subject in question may address a written request to the company, requesting in principle access to his/her recorded personal data, and if he/she so wishes, may request their deletion. The company will respond to the subject’s request within thirty (30) days, at which time it will inform the subject about the progress of his/her request as well as its implementation. In the event of a request by the subject to delete his/her personal data, the Company deletes the recorded personal data of the requesting subject, provided that there is no obligation or provision by law or any applicable regulatory framework that requires the retention of personal data.

11.4. If any of the above rights (except the right to access and delete data, as explained above ) of the subject is exercised, the Company will take every possible measure to satisfy the request in question within thirty (30) days of its receipt, at which time there will be relevant information on its progress. These rights are exercised at no cost to the subject, unless they are repeated frequently and, due to volume, entail administrative costs for the company, in which case the applicant will be charged with the relevant cost. The Company reserves the right not to satisfy your request, in the event that it is deemed manifestly unfounded or excessive, informing you of the reasons for not satisfying it.

11.5. In the event of an incident where our customer data has been lost, stolen or potentially compromised, our policy is to notify our customers via email no later than 24 hours after our team becomes aware of the incident. We will also report this incident to the relevant data protection authority, and we will take all necessary steps to assist our members in obtaining new security codes.

  1. 12.Right to file a complaint

If you believe that the processing of your data violates Regulation (EU) 2016/679 or you believe that your rights regarding the processing of your personal data are being violated and you are not satisfied with the response of the company as controller, you have the right to submit a complaint to the competent supervisory authority.

  1. 13.Changes to this policy

The Company reserves the right to modify this Policy at any time. The subject should review the Policy for any changes or additions and the Company is not obliged to inform each subject individually about their rights. If visitors/users continue to use our application/website, it is implicitly presumed that they accept the amended terms and conditions and grant their consent, assent, agreement and approval. Otherwise, they must refrain from using – visiting our application/website and using the services it offers. The revised version will be valid from the moment of its. When changes are published to the privacy policy, the company will also revise the “last update” date at the beginning of this.

  1. 14.Communication

If you have any questions regarding this policy or more generally, regarding the activities of the company and our application/website, you can contact us at the email address info@mywakeapp.com.